[CORRECTED] Risky Business feature: A podcast on Bloomberg's absolutely wild Supermicro story

The hardware subversion methods described in the Bloomberg story are plausible...
05 Oct 2018 » Risky Business

In this podcast I interview Stephen Ridley about Bloomberg’s blockbuster – but so far uncorroborated – story about possible hardware supply chain subversion by the Chinese government.

I also lay out some facts I’ve learned since the story broke.

[CORRECTED] I’ve added a correction to this podcast because the only source I could turn up who would corroborate the Bloomberg piece has retracted their claims.

This is a source who has provided me with good information in the past; I’ve known them for about 15 years and they’re very well plugged in. They showed me photos they said were from a teardown of a Supermicro motherboard. These photos showed an unlabelled integrated circuit the source said was likely a hardware back door.

Further, the source said there were other problems with the Supermicro gear, including vulnerable firmware and security functions that just didn’t work properly.

Now the source says the photos were from different equipment, not their teardown of the Supermicro gear, and that they did not find hardware back doors on the Supermicro equipment.

So basically that source’s credibility with me is pretty shot right now, and the best I can do is retract my repetition of the source’s claim that they had verified backdoors in the Supermicro equipment.